Arista Improves Cloud Visibility and Security with DANZ 2017

Arista extends platform support for its Data ANalyZer (DANZ) technology across more switches and provides a CloudVision abstraction layer for integration with OpenStack cloud deployments.

When it comes to getting visibility into a cloud network, there can be quite a few challenges. After all, there is multi-directional server-to-server, intra-server, virtualized, encapsulated and north-south (in and out of the cloud data center) traffic. It's a challenge that networking vendor Arista is tackling with its CloudVision and Data ANalyZer (DANZ) software that run on the company's Linux-based EOS (Extensible Operating System) powered switching hardware.

DANZ and CloudVision are now being brought to the Arista 7500R and 7280R family of data center switching platforms, providing up to 432 ports of 100G and 1152 ports of 25G.

Rather than build some form of purpose-built packet broker hardware, Arista's CloudVision runs on its existing switching gear, providing an easier way to deploy and manage a network analysis framework.

"Cloud services are driven by availability," Jeff Raymond, VP of EOS products and services at Arista, told EnterpriseNetworkingPlanet. "Availability is dictated by multiple elements, including resilient design, a good process approach for operation, and also security, which is driving the need for greater visibility."

Joe Hielscher, Director of Strategic Technologies at Arista, said DANZ was first launched in 2013 on the 7150 series of switches.

"DANZ provides the ability to aggregate precisely selected traffic back to a tool farm, for example a security stack, and it works in co-operation with CloudVision," Hielscher said. "CloudVision provides deep visibility into what is happening in the production network as well as providing automation for both the visibility infrastructure and production infrastructure."

The DANZ approach is an alternative approach to using a separate network tap, providing non-blocking bandwidth connectivity. The whole system makes use of an open architecture and runs on merchant silicon.

The CloudVision approach is not directly an application layer (Layer 7) visibility platform. Hielscher explained that Arista partners with multiple application visibility vendors that can integrate and get data from CloudVision and DANZ to perform analysis.

"We filter information that could be Layer 7 information but we don't actually process it," Hielscher said. "We have a deep packet inspection process, but its primary goal is to do precision filtering of traffic."

From a cloud infrastructure perspective, there are multiple points where Arista's CloudVision and DANZ will fit in. Raymond said that specifically in the case of OpenStack, Arista has an ML2 plugin that is used with OpenStack Neutron for cloud network provisioning, with CloudVision being the integration point.

"So instead of OpenStack writing to hundreds of discrete Arista switches, OpenStack has to simply manage a connection to one CloudVision instance," Raymond said. "With that we simply integration and let the network handle the network nuances."

Sean Michael Kerner is a senior editor at EnterpriseNetworking Planet and InternetNews.com. Follow him on Twitter @TechJournalist.